Bump version to 1.7.0 & update changelog

Author: mrcasual

gravityforms-zero-spam.php

@@ -3,7 +3,7 @@
  * Plugin Name:       Gravity Forms Zero Spam
  * Plugin URI:        https://www.gravitykit.com?utm_source=plugin&utm_campaign=zero-spam&utm_content=pluginuri
  * Description:       Enhance Gravity Forms to include effective anti-spam measures—without using a CAPTCHA.
- * Version:           1.6.0
+ * Version:           1.7.0
  * Author:            GravityKit
  * Author URI:        https://www.gravitykit.com?utm_source=plugin&utm_campaign=zero-spam&utm_content=authoruri
  * Requires PHP:      7.4

includes/class-gf-zero-spam-token-endpoint.php

@@ -2,7 +2,7 @@
 /**
  * REST API and admin-ajax endpoints for token minting.
  *
- * @since TBD
+ * @since 1.7.0
  */
 
 if ( ! defined( 'WPINC' ) ) {
@@ -14,7 +14,7 @@ class GF_Zero_Spam_Token_Endpoint {
 	/**
 	 * Maximum token requests per IP per minute.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @var int
 	 */
@@ -23,7 +23,7 @@ class GF_Zero_Spam_Token_Endpoint {
 	/**
 	 * REST API namespace.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @var string
 	 */
@@ -32,7 +32,7 @@ class GF_Zero_Spam_Token_Endpoint {
 	/**
 	 * Registers hooks for both REST and admin-ajax endpoints.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 */
 	public function __construct() {
 		add_action( 'rest_api_init', [ $this, 'register_rest_route' ] );
@@ -43,7 +43,7 @@ public function __construct() {
 	/**
 	 * Registers the REST API route for token minting.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @return void
 	 */
@@ -69,7 +69,7 @@ public function register_rest_route() {
 	/**
 	 * Handles the REST API token request.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @param WP_REST_Request $request The REST request.
 	 *
@@ -84,7 +84,7 @@ public function handle_rest( $request ) {
 	/**
 	 * Handles the admin-ajax token request.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @return void
 	 */
@@ -108,7 +108,7 @@ public function handle_ajax() {
 	/**
 	 * Shared handler that validates the request and mints a token.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @param int $form_id The form ID to mint a token for.
 	 *
@@ -157,7 +157,7 @@ private function handle_token_request( int $form_id ) {
 	/**
 	 * Checks per-IP rate limit using transients.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @return true|WP_Error True if within limits, WP_Error if exceeded.
 	 */
@@ -171,7 +171,7 @@ private function check_rate_limit() {
 		 * Useful for sites behind Cloudflare, load balancers, or reverse proxies
 		 * where REMOTE_ADDR is the proxy IP, not the visitor's IP.
 		 *
-		 * @since TBD
+		 * @since 1.7.0
 		 *
 		 * @param string $ip The client IP address. Default: $_SERVER['REMOTE_ADDR'].
 		 */
@@ -187,7 +187,7 @@ private function check_rate_limit() {
 		 *
 		 * Increase for sites behind corporate NAT or shared IP environments.
 		 *
-		 * @since TBD
+		 * @since 1.7.0
 		 *
 		 * @param int $limit The maximum request count per minute. Default: 30.
 		 */

includes/class-gf-zero-spam-token.php

@@ -2,7 +2,7 @@
 /**
  * Stateless HMAC-SHA256 token minting and validation.
  *
- * @since TBD
+ * @since 1.7.0
  */
 
 if ( ! defined( 'WPINC' ) ) {
@@ -14,7 +14,7 @@ class GF_Zero_Spam_Token {
 	/**
 	 * Mints a signed anti-spam token for a given form.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @param int $form_id The Gravity Forms form ID.
 	 * @param int $ttl     Token time-to-live in seconds. Default 600 (10 minutes).
@@ -36,7 +36,7 @@ public static function mint( int $form_id, int $ttl = 600 ): string {
 	/**
 	 * Validates a signed anti-spam token.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @param string $token            The token to validate.
 	 * @param int    $expected_form_id The form ID the token must match.
@@ -145,7 +145,7 @@ public static function validate( string $token, int $expected_form_id ): array {
 	 * Uses WordPress AUTH_KEY and SECURE_AUTH_KEY constants, which are unique per
 	 * site and never exposed in HTML output.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @param int $salt_version The salt version number.
 	 *
@@ -158,7 +158,7 @@ public static function get_site_secret( int $salt_version ): string {
 	/**
 	 * Returns the current salt version.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @return int The current salt version number.
 	 */
@@ -169,7 +169,7 @@ public static function get_salt_version(): int {
 	/**
 	 * Returns the previous salt version, if one exists during a rotation window.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @return int|null The previous salt version, or null if not in a rotation window.
 	 */
@@ -186,7 +186,7 @@ public static function get_previous_salt_version(): ?int {
 	/**
 	 * Encodes data using base64url (RFC 4648 section 5).
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @param string $data The data to encode.
 	 *
@@ -199,7 +199,7 @@ public static function base64url_encode( string $data ): string {
 	/**
 	 * Decodes a base64url-encoded string (RFC 4648 section 5).
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @param string $data The base64url-encoded string.
 	 *

includes/class-gf-zero-spam.php

@@ -207,7 +207,7 @@ public function add_key_field( $form ) {
 		/**
 		 * Filters the timeout (in milliseconds) for AJAX token fetch attempts.
 		 *
-		 * @since TBD
+		 * @since 1.7.0
 		 *
 		 * @param int $timeout Timeout in milliseconds. Default 3000.
 		 */
@@ -458,7 +458,7 @@ public function check_key_field( $is_spam = false, $form = [], $entry = [] ) {
 	 * Sets a migration deadline on first encounter and accepts the legacy key
 	 * until the deadline passes. After the deadline, the legacy key is rejected.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @param string $submitted_key The submitted legacy key.
 	 *
@@ -495,7 +495,7 @@ private function validate_legacy_key( string $submitted_key ) {
 	/**
 	 * Displays an admin notice during the migration from static key to signed tokens.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @return void
 	 */
@@ -527,7 +527,7 @@ public function migration_notice() {
 	/**
 	 * Cleans up legacy options after the migration deadline has passed.
 	 *
-	 * @since TBD
+	 * @since 1.7.0
 	 *
 	 * @return void
 	 */

readme.txt

@@ -3,7 +3,7 @@ Contributors: gravityview
 Tags: gravity forms, spam, captcha, honeypot, anti-spam
 Requires at least: 4.7
 Tested up to: 6.9.1
-Stable tag: 1.6.0
+Stable tag: 1.7.0
 Requires PHP: 7.4
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -110,9 +110,9 @@ You can enable a spam summary report email. This email will be sent to the email
 
 == Changelog ==
 
-= develop =
+= 1.7.0 on March 5, 2026 =
 
-* Added: Stronger spam prevention using signed, time-limited tokens fetched at submit time
+* Added: Stronger spam prevention using signed, time-limited tokens
 * API: Added `gf_zero_spam_client_ip` filter to override the visitor IP used for rate limiting (useful for sites behind Cloudflare or load balancers)
 * API: Added `gf_zero_spam_rate_limit` filter to adjust the maximum token requests allowed per IP per minute (default: 30)